Following privacy breaches involving Rob Ford’s hospital records and the identities of new mothers at a Scarborough hospital, Hoskins announced Wednesday that he will introduce a bill that would double fines and make it easier to prosecute offenders.

“Because of the wealth of information potentially that’s out there for an individual to access for nefarious purposes, it is a growing challenge,” he said.

The bill would amend the Personal Health Information Protection Act to remove the six-month limitation on prosecutions following an offence, mandate the reporting of health privacy breaches to the Information and Privacy Commissioner, and increase fines to a maximum of $100,000 for individuals and $500,000 for organizations.

The health records of Toronto Councillor Rob Ford were repeatedly breached in hospital while he battled cancer.

Criminal charges have been laid after a massive privacy breach at Scarborough’s Rouge Valley Health System that saw the identifies of new moms allegedly sold to a firm offering education investment vehicles.

“My goal here has been to protect all Ontarians, not only from the potential of multiple breaches but one breach is one breach too many,” Hoskins said.

Ontario Information and Privacy Commissioner Brian Beamish said the legislation would put rules in place for shared electronic health records, which bring far greater risk of “snooping breaches” than paper records.

Currently, officials have six months from the date of a privacy breach to prosecute - even though the offence may not be fully investigated or even uncovered in that time frame, he said.

If an audit uncovers breaches going back years, the offender can only be prosecuted for those that took place within the previous six months, he said.

Patients who don’t have faith in the security and privacy of electronic health records may not provide full and accurate information to their health-care providers – and that could impact the health care they receive, he said.

“If someone finds out that their record has been accessed inappropriately, there is a basic feeling of violation,” he said. “And quite often in these cases, there is a certain maliciousness... behind the access.”

The bill will clarify who may collect use and disclose personal health information contained in electronic health records, Hoskins said.

The legislation would also provide a “consent directive” for individuals to mask personal health information.

Instances of medical privacy breaches in Ontario:

Former Toronto mayor Rob Ford’s health records were inappropriately accessed first at Humber River Hospital and then at Mount Sinai Hospital by staff as he received treatment for cancer. No one has been charged.(2014)

Rouge Valley Health System admitted the medical records of more than 8,000 new moms treated at its Scarborough site were accessed and then the private information allegedly sold to Registered Education Savings Plan (RESP) companies. Charges have been laid. (2014)

Norfolk General Hospital in Simcoe fired one of its nurses, claiming improper access was sought for the medical records of more than 1,300 patients. (2013)

More than a dozen hospital staff members were implicated in a privacy breach at Bluewater Health in Sarnia in which patient files were accessed, including possibly those of two accused murderers. (2013)